I am fully aware of what vpn services to use and not. I am not using Express VPN, I am simply doing research for a master thesis, when I came across these results from Express VPN. If you have any ideas or corrections, please let me know why a VPN provider would need to have access to these permissions.
Screenshot is from Exodus service, which let's you view what exactly perimissions and trackers each app uses. You can check out the results and the tool for yourself here: https://reports.exodus-privacy.eu.org/en/reports/com.expressvpn.vpn/latest/
Ah okay that might justify the camera permission, although personally wouldn't see the need to have that.
Would definitely prefer to see it be an "as needed" basis, like ask every time
That is probably possible, since Android usually asks about that nowadays.
You can often just deny permissions and it will work fine, just nag you sometimes
I don't imagine express is wireguard under the hood but that's a pretty common wireguard configuration method.